3014f18dc1efcad698f19ebe52f6e36a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3014f18dc1efcad698f19ebe52f6e36a_JaffaCakes118
Size

1.3MB
MD5

3014f18dc1efcad698f19ebe52f6e36a
SHA1

07de420c657e5ff0a82cff06bd79e11cab6b4d3b
SHA256

abc5e2edd98e5d67665bd95c00c26a734cf69c8f6cf7e54e2b864ec19c7ba0a9
SHA512

b2c80d7fbe5e889830d0d5df9874f4e5b56479728330588ebcde7ddbb732306b7fe40cd2e84c343c0327d7e0ad440e61fc4999025df197dc1c55daf1bdefde0f
SSDEEP

24576:MmCEefZDDN6uMxHHHRpMbMOodz3GUjLraHEpezrRx05jSQ:2EeflNMxHHHRJp3PjSHzg5jx

Score

1^/10

Malware Config

Signatures

Files

3014f18dc1efcad698f19ebe52f6e36a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3efcba56ebc359dd702ad196a2e75d3e

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:ba:24:a7:86:00:39:cd:7c:89:8a:a4:e1:c9:cd:ae
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

02/09/2009, 00:00

Not After

11/11/2011, 23:59

Subject

CN=FastViewer GmbH und Co KG,OU=SECURE APPLICATION DEVELOPMENT,O=FastViewer GmbH und Co KG,L=Neumarkt in der OPf,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\club\NoSC\2005\FSpace.root\FSpace\release\FastClient.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mpr

WNetGetUniversalNameW

netapi32

NetUserModalsGet

activeds

ord3

user32

GetDCEx

gdi32

SetBkMode

advapi32

CryptAcquireContextW

shell32

SHGetSpecialFolderLocation

ole32

CoSetProxyBlanket

oleaut32

SafeArrayGetElement

ws2_32

inet_ntoa

comctl32

ImageList_BeginDrag

wininet

HttpQueryInfoW

version

GetFileVersionInfoSizeW

winmm

waveOutClose

msacm32

acmStreamClose

comdlg32

GetSaveFileNameW

Sections

.text
Size: 1.2MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3efcba56ebc359dd702ad196a2e75d3e

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

5a:ba:24:a7:86:00:39:cd:7c:89:8a:a4:e1:c9:cd:aeCertificate

Extended Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

mpr

netapi32

activeds

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

comctl32

wininet

version

winmm

msacm32

comdlg32

Sections

.text Size: 1.2MB - Virtual size: 6.0MB

.rsrc Size: 70KB - Virtual size: 72KB

01
Certificate

0a
Certificate

5a:ba:24:a7:86:00:39:cd:7c:89:8a:a4:e1:c9:cd:ae
Certificate

.text
Size: 1.2MB - Virtual size: 6.0MB

.rsrc
Size: 70KB - Virtual size: 72KB